Network Worm Detection using Markov's and Cantelli's Inequalities
Keyword(s): network worms, anomaly detection
Abstract: This paper presents a method of detecting network worms, which makes use of Markov's and Cantelli's statistical inequalities. This method is compared with a detection method based on one used in a commercial security product, using a data set consisting of over 3 million packets sampled from an enterprise network. The Markov-Cantelli detection method produces considerably fewer false alarms than the comparison method.
Additional Publication Information: Published and presented at SBRC'09, Recife, Brazil, 25-29 May 2009.
External Posting Date: July 21, 2009 [Fulltext]. Approved for External Publication
Internal Posting Date: July 21, 2009 [Fulltext]